OpenCHAMI Weekly Digest: Nov 17–Nov 24, 2025

OpenCHAMI Weekly Digest (Last 7 Days)

Highlights#

• SELinux compatibility fix underway: Resolving an issue where the coresmd-coredns container struggles to read the Corefile reliably under SELinux access controls (issue #39, PR #40).
• Enhancing CoreDNS plugin: Implementation started for a new Fallthrough feature in the CoreSMD CoreDNS plugin to improve DNS resolution flexibility (issue #30).
• Improved secret management: Ongoing work to better handle secret storage within the kube-deploy project for safer deployments (issue #3).
• Power-control upgrade to Docker builds: Transition completed to Docker-based build and release workflow, simplifying and standardizing builds (PR #57, PR #59).
• OAuth2 tokens for secure requests: Added support for OAuth2 access tokens to SMD requests to enhance authentication (PR #56).
• Better kernel boot scripts: New PR adds JSON-configurable kernel parameter list support on /bootscript, improving boot customization (PR #75).
• Policy management modernization: The Tokensmith project is replacing its internal policy engine with the widely used Casbin library for authorization (issue #5, PR #6).
• Documentation and community standards: New guides for coding standards and linters drafted to boost code quality and consistency (issue #11); added maintainers and codeowners to multiple repos to improve project governance (issue #21).
• Website fixes and updates: Resolved excessive whitespace on the tutorial page affecting Chrome users (PR #54); updated conference listings and logos for 2026 events (PR #51).
• Deployment recipes dependencies updated: Continued dependency bumps for improved security and stability across repositories (PR #143, PR #127).

New & Notable PRs#

• Add new discover format and conversion script — ochami #63
• Integrate Casbin into Tokensmith policy middleware — tokensmith #6
• Switch to Docker-based builds in power-control #57
• Fix Chrome SVG rendering issue on tutorial page — openchami.org #54

Issues to Watch#

• SELinux access controls affecting CoreDNS container reliability (release #39)
• Secret storage enhancements for safer Kubernetes deployments (kube-deploy #3)
• Improving community governance and coding standards (community #11, community #21)
• OAuth2 support implementation and effect on power-control security (power-control #56)

Releases#

No new releases this week.

Contributor Thanks#

Big thanks to our top contributors this week:

• erl-hpe — CoreDNS improvements, blog post drafts, website fixes
• rainest — Power-control Docker builds and workflow fixes
• alexlovelltroy — Community docs, policy engine refactor, website updates
• synackd — ochami enhancements
• Dependabot — keeping dependencies up to date and secure

What’s next#

• Finalize SELinux CoreDNS container fixes and release a patched version
• Complete the Fallthrough feature for CoreSMD CoreDNS plugin
• Roll out OAuth2 token support fully in power-control and document usage
• Expand community standards guide and apply to repositories
• Announce integration with Casbin and its benefits in a dedicated blog post

Proposed Blog Titles#

• “How OpenCHAMI Improves CoreDNS with SELinux-Compatible Containers”
• “Modernizing Authorization: Introducing Casbin to OpenCHAMI Tokensmith”
• “Switching to Docker-Based Builds: Power-Control’s Journey to Simplicity”
• “Securing Kubernetes Deployments with Enhanced Secret Storage”
• “Improving Community Standards: A Guide to Coding and Governance at OpenCHAMI”